Cybersecurity Fundamentals
Prof. Georges Ataya
Vice President of the Belgian Cybersecurity Coalition
Academic Director, IT Management Education (Solvay Brussels School of Economics and Management)
Managing Partner, ICT Control SA
Previously: One to One solution Security Threat Address Vulnerability
Previously: One to One solution
Virus infection: Software to detect and eradicate malware
Social engineering: Staff awareness and education
Technical threat: Technical solution
Building higher defensive walls and installing defense-in-depth solutions
Advanced persistent threats
List of major APT Attacks
Attack name | Period | Impact or outcome
Moonlight Maze | 1998-2000 | Tens of thousands of files stolen, including maps of military installations, troop configurations and military hardware designs, resulting in millions of dollars of damage
Titan Rain | 2003-2005 | Not disclosed. Likely to be similar to Moonlight Maze
Sykipot | 2007-2012 | Trade secrets stolen, including design, financial, manufacturing and strategic planning information from US and UK companies, resulting in loss of competitiveness
GhostNet | 2008-2009 | Political and economic data compromised on more than 1,000 computers in over 100 countries
Operation Aurora | 2009-2010 | Large quantities of intellectual property stolen, resulting in substantial losses in competitiveness
Gozi | 2007 onward | Infected more than one million computers around the world, causing tens of millions of dollars in damages
Zeus | 2007 onward | Compromised tens of thousands of FTP accounts on company sites and several million bank users, resulting in the theft of hundreds of millions of dollars
SpyEye | 2009 onward | Millions of dollars stolen from the customer accounts of several hundred banks across the world
Stuxnet | 2010 | The malware was reported to have caused substantial damage to the centrifuges at the Natanz nuclear enrichment laboratory in Iran
Duqu | 2011 | Captured information that might enable a future APT attack on industrial control systems
Flame | 2012 | Stole information from around 1,000 machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt. Attacks ceased when publicly disclosed
Red October | 2007-2012 | Reported to have stolen hundreds of terabytes of secrets from diplomatic, trade, military, aerospace, energy, and research organizations in Russia, Iran, the US, and other countries
Eurograbber | 2012 | Stole an estimated 36 million euro from more than 30,000 customers in over 30 banks across Europe
Sources of APT Threat
Highest Enterprise Risk of Successful APT Attack
Survey question: What do you believe to be the highest risk to your enterprise associated with a successful APT attack?
The Cyber Kill Chain
Sequence of activities conducted by an attacker to carry out an APT attack
The Cybersecurity Skills Gap
There are an estimated 410,000 to 510,000 information security professionals worldwide, and jobs are expected to increase 53 percent by 2018 with over 4.2 million jobs available [1]. However, recent studies and reports suggest that there are simply not enough skilled professionals to fill them.
[1] McKinsey Study 2011
[2] Source: 2013 Global Information Security Workforce Study, Frost & Sullivan and Booz Allen Hamilton.
Cybersecurity Roles
The structure and governance of every organization is different and varies based on the type of organization. Each organization has its own mission (business), size, industry, culture and legal regulations. However, all organizations have a responsibility and duty to protect their assets and operations, including their IT infrastructure and information.
Information Security Roles (diagram labels): Compliance; Executive Management; Senior Information Security Management; Risk management; Board of Directors; Cybersecurity Practitioners
Knowledge domains for Information Security Age Technical Generic Management Source: Georges Ataya
Cybersecurity processes: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
2015 ICTC.EU
Sources of information To be downloaded at isaca.org
2014 Information security risk can be seen as the multiplication of three factors: assets, vulnerabilities and threats.
Executive Education in IT Management Executive Education in Information Security Management Solvay.edu/IT
Executive Master in IT Management Executive Master in Information Risk and Cybersecurity Executive Programme in CIO Practices CIO Leadership IT Business Agility Enterprise and IT Architecture IT Sourcing IT Management Consulting Executive Programme in Security Governance Information Security Cybersecurity Solvay.edu/IT
Lectured tracks and modules
S track, Info Security: S1 Information Security Management; S2 IT Security Practices; S3 Cybersecurity Workshop
G track, IT Governance: G1 The CIO Foundation; G2 IT Governance Workshop; G3 IT Risk and Legal concerns
M track, IT Management: M1 Applications Build and Management; M2 IT Services and Run Management; M3 IT Sourcing Management
B track, Business Agility: B1 Enterprise Strategy and Architecture; B2 Business Transformation; B3 Digital Agility and Innovation
A track, Activating skills: A1 IT Finance and Portfolio Management; A2 Soft Skills for IT professionals; A3 Building Expert Opinion
2014 ictc.eu Solvay.edu/IT
Today: Knowledge exchange
- Share experiences: good and bad
- Learn from each other
- Create the foundations for the awareness building and the policy recommendations
Ultimate goal: Get the number of infected computers down
Georges Ataya gataya@solvay.edu solvay.edu/it